9.3.0 and DNS REQUEST
Barry Margolin
barmar at alum.mit.edu
Fri Nov 12 05:04:44 UTC 2004
In article <cn0ug3$v5h$1 at sf1.isc.org>,
"J.D. Bronson" <jbronson at wixb.com> wrote:
> I have noticed that some spammers have been trying to grab all my zone
> information (But not a XFR)...and the cisco IDS box I have logs this:
>
> DNS REQUEST ALL
>
>
> I can duplicate this:
>
> #nslookup
> server dns1.domain.com
> set q=any
> domain.com
>
>
> and as expected the entire DNS record is presented.
That shouldn't return all the zone information, it should just return
the records for domain.com itself.
> Is there any way to stop this within BIND? - I can DROP the packet using
> IDS on the Cisco, but my 3rd DNS server is located in a system that I
> cannot do this in...
ANY queries are very common. sendmail sends them to get the MX and A
record for your domain in one shot.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list